CVE-2021-27803

Name
CVE-2021-27803
Description
A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Mitigation https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt
Patch https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch
Mailing List https://www.openwall.com/lists/oss-security/2021/02/25/3
Mailing List http://www.openwall.com/lists/oss-security/2021/02/27/1
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOGP2VIVVXXQ6CZ2HU4DKGPDB4WR24XF/
Mailing List https://lists.debian.org/debian-lts-announce/2021/03/msg00003.html
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZGUR5XFHATVXTRAEJMODS7ROYHA56NX/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEHS2CFGH3KCSNPHBHNGN5SGV6QPMLZ4/
DEBIAN https://www.debian.org/security/2021/dsa-4898

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:* wpa_supplicant >= 1.0 < 2.10

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
wpa_supplicant 3.10-main 2.8-r5 Natanael Copa <ncopa@alpinelinux.org> fixed
wpa_supplicant 3.13-main 2.9-r11 Natanael Copa <ncopa@alpinelinux.org> fixed
wpa_supplicant 3.12-main 2.9-r8 Natanael Copa <ncopa@alpinelinux.org> fixed
wpa_supplicant 3.11-main 2.9-r8 Natanael Copa <ncopa@alpinelinux.org> fixed
wpa_supplicant 3.14-main 2.9-r14 Natanael Copa <ncopa@alpinelinux.org> fixed
wpa_supplicant 3.15-main 2.9-r17 Natanael Copa <ncopa@alpinelinux.org> fixed